
Example 11 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLAnalyzerTestCase method testConfigureAnalyzer.

/**
 * Smoke test: an {@code XMLAnalyzer} accepts the shared {@code xmlConfig} fixture.
 * There is no assertion; the test passes as long as {@code init()} and
 * {@code configure} complete without throwing.
 */
@Test
public void testConfigureAnalyzer() throws Exception {
    // init() is defined elsewhere in the test class; presumably it populates xmlConfig.
    init();

    final XMLAnalyzer xmlAnalyzer = new XMLAnalyzer();
    xmlAnalyzer.configure(xmlConfig);
}
Also used : XMLAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 12 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLAnalyzerTestCase method testMaxChildrenPerElement.

/**
 * Checks that a payload exceeding the configured children-per-element limit is rejected.
 * The limit is set to 2 and the root element of the payload has three children, so the
 * test expects an {@code APIMThreatAnalyzerException}.
 */
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testMaxChildrenPerElement() throws Exception {
    init();
    // Tighten the limit below the number of children in the payload.
    xmlConfig.setMaxChildrenPerElement(2);

    final XMLAnalyzer xmlAnalyzer = new XMLAnalyzer();
    xmlAnalyzer.configure(xmlConfig);

    // NOTE(review): expectedExceptions covers the whole method, so the test would also pass
    // if init() or configure() threw this exception type instead of analyze().
    final String threeChildPayload = "<root><c1></c1><c2></c2><c3></c3></root>";
    xmlAnalyzer.analyze(threeChildPayload, "/foo");
}
Also used : XMLAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 13 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLSchemaValidator method configureSchemaProperties.

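/**
 * Builds an {@link XMLConfig} from the threat-protection properties that the XML validator
 * sequence placed on the message context.
 *
 * <p>Each property is looked up by its {@code ThreatProtectorConstants} key. A missing property
 * is reported through {@code ThreatExceptionHandler.handleException} and, if that call returns,
 * the corresponding setting keeps its default ({@code false} for the two parser switches,
 * {@code 0} for the numeric limits).
 *
 * @param messageContext message context carrying the request message properties of the API
 *                       for which XML_Validator message mediation is enabled in the flow
 * @return an XMLConfig holding the XML limits and parser switches read from the context
 * @throws NumberFormatException if a numeric property is present but is not a parsable integer
 */
XMLConfig configureSchemaProperties(MessageContext messageContext) {
    // Defaults: DTDs and external entities stay disabled unless explicitly switched on.
    // NOTE(review): whether handleException throws is not visible here. If it returns, the
    // numeric limits below stay at 0; confirm how the analyzer interprets a 0 limit
    // (reject everything vs. no limit) so a missing property cannot silently relax the checks.
    boolean dtdEnabled = false;
    boolean externalEntitiesEnabled = false;
    int maxXMLDepth = 0;
    int elementCount = 0;
    int attributeLength = 0;
    int attributeCount = 0;
    int entityExpansionLimit = 0;
    int childrenPerElement = 0;

    Object messageProperty = messageContext.getProperty(ThreatProtectorConstants.DTD_ENABLED);
    if (messageProperty != null) {
        // parseBoolean yields true only for "true" (ignoring case); anything else keeps DTDs off.
        dtdEnabled = Boolean.parseBoolean(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema dtdEnabled property value is missing.");
    }

    messageProperty = messageContext.getProperty(ThreatProtectorConstants.EXTERNAL_ENTITIES_ENABLED);
    if (messageProperty != null) {
        externalEntitiesEnabled = Boolean.parseBoolean(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema externalEntitiesEnabled property value is missing.");
    }

    // Integer.parseInt propagates NumberFormatException for a malformed value; it is not
    // routed through ThreatExceptionHandler.
    messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_ELEMENT_COUNT);
    if (messageProperty != null) {
        elementCount = Integer.parseInt(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema elementCount property value is missing.");
    }

    messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_ATTRIBUTE_LENGTH);
    if (messageProperty != null) {
        attributeLength = Integer.parseInt(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema maxAttributeLength property value is missing.");
    }

    messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_XML_DEPTH);
    if (messageProperty != null) {
        maxXMLDepth = Integer.parseInt(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema xmlDepth property value is missing.");
    }

    messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_ATTRIBUTE_COUNT);
    if (messageProperty != null) {
        attributeCount = Integer.parseInt(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema attributeCount property value is missing.");
    }

    messageProperty = messageContext.getProperty(ThreatProtectorConstants.ENTITY_EXPANSION_LIMIT);
    if (messageProperty != null) {
        entityExpansionLimit = Integer.parseInt(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema entityExpansionLimit property value is missing.");
    }

    messageProperty = messageContext.getProperty(ThreatProtectorConstants.CHILDREN_PER_ELEMENT);
    if (messageProperty != null) {
        childrenPerElement = Integer.parseInt(messageProperty.toString());
    } else {
        ThreatExceptionHandler.handleException(messageContext,
                "XML schema childrenElement property value is missing.");
    }

    if (log.isDebugEnabled()) {
        // Each label is paired with its own variable; the last two entries previously printed
        // attributeCount, which hid the effective entity-expansion and children limits.
        log.debug("DTD enable:" + dtdEnabled + ", "
                + "External entities: " + externalEntitiesEnabled + ", "
                + "Element Count:" + elementCount + ", "
                + "Max AttributeLength:" + attributeLength + ", "
                + "Max xml Depth:" + maxXMLDepth + ", "
                + "Attribute count:" + attributeCount + ", "
                + "Entity Expansion Limit:" + entityExpansionLimit + ". "
                + "childrenElement:" + childrenPerElement);
    }

    XMLConfig xmlConfig = new XMLConfig();
    xmlConfig.setDtdEnabled(dtdEnabled);
    xmlConfig.setExternalEntitiesEnabled(externalEntitiesEnabled);
    xmlConfig.setMaxDepth(maxXMLDepth);
    xmlConfig.setMaxElementCount(elementCount);
    xmlConfig.setMaxAttributeCount(attributeCount);
    xmlConfig.setMaxAttributeLength(attributeLength);
    xmlConfig.setEntityExpansionLimit(entityExpansionLimit);
    xmlConfig.setMaxChildrenPerElement(childrenPerElement);
    return xmlConfig;
}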
Also used : XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig)

Example 14 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class AnalyzerHolder method getAnalyzer.

/**
 * Hands out a pooled threat analyzer that matches the payload's content type.
 *
 * <p>{@code TEXT_XML} / {@code APPLICATION_XML} borrow from the XML pool and
 * {@code TEXT_JSON} / {@code APPLICATION_JSON} from the JSON pool; the borrowed analyzer is
 * then configured from {@code ConfigurationHolder}. The content type is compared as a whole
 * string, ignoring case.
 *
 * @param contentType Content-Type of the payload
 * @return the borrowed analyzer, or {@code null} when the content type matches neither family
 *         or borrowing from the pool failed
 */
public static APIMThreatAnalyzer getAnalyzer(String contentType) {
    // NOTE(review): whole-string matching means a Content-Type that still carries parameters
    // (for example a charset suffix) matches neither branch and yields null. Whether callers
    // strip parameters first, and whether they treat null as "skip analysis", is not visible
    // here; confirm that an unmatched type cannot bypass threat analysis.
    final boolean xmlPayload = ThreatProtectorConstants.TEXT_XML.equalsIgnoreCase(contentType)
            || ThreatProtectorConstants.APPLICATION_XML.equalsIgnoreCase(contentType);
    if (xmlPayload) {
        APIMThreatAnalyzer borrowed = null;
        try {
            borrowed = xmlAnalyzerAnalyzerPool.borrowObject();
            // NOTE(review): the instance is assigned before configure(); if configure() throws,
            // the error is logged and the analyzer is still returned, possibly carrying an
            // older configuration.
            final XMLConfig currentXmlConfig = ConfigurationHolder.getXmlConfig();
            borrowed.configure(currentXmlConfig);
        } catch (Exception e) {
            // The pool's borrowObject (apache.commons GenericObjectPool, per the original
            // comment) throws a generic Exception, so log the stack trace with the message.
            log.error("Threat Protection: Error occurred while getting an object from the pool.", e);
        }
        return borrowed;
    }

    final boolean jsonPayload = ThreatProtectorConstants.TEXT_JSON.equalsIgnoreCase(contentType)
            || ThreatProtectorConstants.APPLICATION_JSON.equalsIgnoreCase(contentType);
    if (jsonPayload) {
        APIMThreatAnalyzer borrowed = null;
        try {
            borrowed = jsonAnalyzerAnalyzerPool.borrowObject();
            final JSONConfig currentJsonConfig = ConfigurationHolder.getJsonConfig();
            borrowed.configure(currentJsonConfig);
        } catch (Exception e) {
            log.error("Threat Protection: Error occurred while getting an object from the pool.", e);
        }
        return borrowed;
    }

    // Neither an XML nor a JSON content type: no analyzer is handed out.
    return null;
}
Also used : XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig) JSONConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig) APIMThreatAnalyzer(org.wso2.carbon.apimgt.gateway.threatprotection.analyzer.APIMThreatAnalyzer)

Example 15 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLSchemaValidatorTest method init.

/**
 * JUnit {@code @Before} fixture: creates the mocks and builds the {@code xmlConfig} used by
 * the tests, with small limits and with DTDs and external entities disabled.
 */
@Before
public void init() {
    // NOTE(review): the objects returned by these mock(...) calls are discarded, so they do
    // not appear to stub anything by themselves; confirm whether they are still needed.
    PowerMockito.mock(ConfigurationHolder.class);
    PowerMockito.mock(APIMThreatAnalyzer.class);
    Mockito.mock(ThreatProtectorConstants.class);

    final XMLConfig fixture = new XMLConfig();

    // Structural limits.
    fixture.setMaxAttributeCount(1);
    fixture.setMaxChildrenPerElement(5);
    fixture.setEntityExpansionLimit(5);
    fixture.setMaxAttributeLength(1);
    fixture.setMaxElementCount(5);
    fixture.setMaxDepth(5);

    // Parser switches: both off in the fixture.
    fixture.setDtdEnabled(false);
    fixture.setExternalEntitiesEnabled(false);

    xmlConfig = fixture;
}
Also used : XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig) Before(org.junit.Before)

Aggregations

BeforeTest (org.testng.annotations.BeforeTest)7 Test (org.testng.annotations.Test)7 XMLAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer)6 XMLConfig (org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig)5 XMLConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig)4 APIMThreatAnalyzer (org.wso2.carbon.apimgt.gateway.threatprotection.analyzer.APIMThreatAnalyzer)2 BufferedInputStream (java.io.BufferedInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 XMLStreamException (javax.xml.stream.XMLStreamException)1 Axis2MessageContext (org.apache.synapse.core.axis2.Axis2MessageContext)1 BBoolean (org.ballerinalang.model.values.BBoolean)1 BStruct (org.ballerinalang.model.values.BStruct)1 Before (org.junit.Before)1 Test (org.junit.Test)1 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)1 APIMThreatAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)1 JSONAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)1 JSONConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)1 APIMThreatAnalyzerException (org.wso2.carbon.apimgt.gateway.threatprotection.APIMThreatAnalyzerException)1